Privacy

ESTA is committed to protecting the privacy of personal information that we handle in the delivery of services to the community, agencies, employees and agents. The way ESTA collects discloses and manages personal and health information contributes to its success.

Victoria has three key pieces of legislation: the Emergency Services Telecommunications Act 2004; the Privacy & Data Protection Act 2014; and the Health Records Act 2001 which apply to ESTA. These laws contain information about confidential information, and privacy principles which give people more say in regard to how their personal and health information is collected and used and who can access it.

In addition, Victoria’s Charter of Human Rights and Responsibilities protects individuals from having their privacy unlawfully or arbitrarily interfered with.

ESTA collects sensitive, personal and health information in the course of its operations. The organisation is committed to protecting confidential information, and to implementation of Victoria’s Information Privacy Principles and Health Privacy Principles, in the context of delivering emergency and related call-taking and dispatch services, including via triple zero.

Privacy framework

ESTA maintains a broad privacy framework, supported by an active strategy to improve privacy compliance and awareness. ESTA’s privacy framework is comprised of four elements:

Compliance with privacy laws and privacy principles, and other relevant legislation;

Provision of advice and guidance internally and externally regarding privacy rights and responsibilities;

which sets out in detail how the organisation meets its legislative and other privacy obligations.

ESTA information privacy policy

ESTA’s policy refers to the use and management of personal and health information collected by the Emergency Services Telecommunication Authority (ESTA).

Personal and health information held by ESTA is managed in accordance with the privacy principles contained in the Privacy and Data Protection Act 2014 (Vic),the Health Records Act 2001 (Vic) and as required by other laws. ESTA is required by law to have a policy on its information handling practices.

Definitions

Personal information is recorded information about a living identifiable or easily identifiable individual (including work related information or images).

Sensitive information is information about a living individual’s race or ethnicity, political opinions, religious or philosophical beliefs, sexual preferences or practices, criminal record, or membership details, such as trade union or professional, political or trade associations.

Health information is information about a living or deceased individual’s physical, mental or psychological health.

Confidential information is any information relating to calls received or messages communicated by (ESTA) in the course of providing a service to an emergency services and other related services organisation.

What does ESTA do?

ESTA was established by the Emergency Services Telecommunications Act 2004 to provide emergency call taking and dispatch and other communications services to emergency services organisations throughout Victoria (the services).

ESTA currently provides services to the following organisations:

Country Fire Authority

Ambulance Victoria

Metropolitan Fire Brigade

Victoria Police

Victoria State Emergency Service (VICSES).

ESTA is committed to protecting the privacy of personal information that we handle. Personal information is information that directly or indirectly identifies a person.

What areas of ESTA collect personal and health information?

All calls to triple zero, VICSES emergency calls and operational radio communications are voice recorded. Under the Telecommunications (Interception and Access) Act 1979 ESTA may listen to or record, by any means, such a communication within a ‘emergency service facility’ without the knowledge of the person making the communication. Administration telephony systems within the State Emergency Communications Centres are not recorded.

Because individuals, members of the public, and ESTA employees deal with different areas of the Authority, these areas may have additional privacy policies and practices that explain in more detail their particular information management practices. For example, ESTA’s People and Culture department has additional policies, which explain in more detail how human resources records are managed in accordance with privacy legislation. ESTA’s Operations Department has policies regarding access to control rooms.

How does ESTA treat confidential information?

ESTA collects sensitive and personal information in the course of its operations. This information is protected under the confidential sections of the Emergency Services Telecommunications Act 2004 but information is provided to other organisations to assist callers.

Section 33 (Secrecy) of the ESTA Act protects the "confidential information" of callers (whether or not such information is considered personal or health information) by limiting the use that ESTA, its staff members and any other person may make in relation to that information. Confidential information under the ESTA Act means “any information relating to calls received or messages communicated by [ESTA] in the course of providing a service to an emergency services and other related services organisation”.

The restriction on the use of confidential information is as follows: “A person who has confidential information that he or she has received in the course of carrying out duties under the ESTA Act must not, except to the extent necessary to perform duties under the ESTA Act, record, disclose, communicate or make use of that information”.

All ESTA employees are required to comply with this restriction and, under the ESTA Act, penalties may apply for breach of this restriction.

Certain areas of ESTA and some ESTA personnel may not have to comply with some or all of the privacy principles. These situations include where:

The provisions of another Act are more specific about how information should be managed.

The area makes use of generally available publications, for example, websites, or publicly accessible directories.

Employees are carrying out law enforcement functions which would be hindered if they were to comply with all of the privacy principles.

If the use or disclosure it is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health, safety or welfare.

What sort of information does ESTA collect?

In broad terms ESTA:

collects only information needed for the provision of ESTA’s services

takes reasonable steps to ensure personal information is accurate, complete, up-to-date and relevant to the functions performed

uses and discloses it only for ESTA’s service provision purposes, for another purpose with the person's consent, or as otherwise authorised by law

stores information securely, protecting it from unauthorised access

retains it for the period authorised by the Public Records Act 1973

provides the person with access to their own information, and the right to seek its correction

ESTA also collects personal and health information for statutory and administrative reasons.

ESTA may collect sensitive information according to privacy and other legislation.

Why does ESTA collect information?

ESTA collects personal and health information as necessary for its functions of service delivery, administration and enforcement of the law.

Below are the most common reasons that ESTA may collect and use your personal information:

If you ring ESTA (for example via Triple Zero or VICSES 132 500 to request assistance from an emergency service).

When seeking to obtain your direct feedback on services provided by ESTA.

If you seek to be or are employed by ESTA (including referee and police checks).

You are or would like to be a supplier or contractor to ESTA

If you request information from ESTA.

ESTA takes reasonable steps to explain why personal or health information is collected, what is done with it, whether any laws require it and the main consequences for an individual if it is not provided to ESTA.

What does ESTA do with the information?

ESTA uses and provides to other people or organisations, personal or health information necessary to provide the requested emergency service. ESTA is authorised by law to use or provide personal or health information to others for the purpose of providing its service.

ESTA only assigns or adopts a unique identifier (e.g. employee number) for an individual if it is necessary, authorised by law or with consent. ESTA ensures any transfer of personal or health information outside Victoria is in accordance with privacy and other legislation.

How does ESTA ensure that information is accurate and up-to-date?

ESTA takes reasonable steps to ensure that personal and heath information held is accurate, complete and up-to-date. Usually, ESTA relies on individuals to provide accurate and current information in the first instance, and to notify when circumstances or details change.

How does ESTA store and protect information?

ESTA has security measures aimed at protecting personal and health information from misuse, loss, unauthorised access or disclosure. Stored information is also archived in accordance with the Public Records Act 1973, which determines when it is appropriate to retain or dispose of it.

How can individuals access information held by ESTA?

ESTA Act

Section 33 of the ESTA Act is titled “Secrecy” and protects the "confidential information" of callers (whether or not such information is considered personal or health information) by limiting the use that ESTA, its staff members and any other person may make in relation to that information.

The ESTA Act permits disclosure of confidential information with the written authority of the Minister, or the person to whom the information relates. ESTA has Ministerial Authorisation permitting the release of otherwise confidential information in specific circumstances.

The Authorisation does not permit the disclosure or communication of information that would reveal the identity of an individual or an organisation without the express or implied consent of each individual or organisation concerned. If an individual is incapable of giving consent, the consent of the individual's next of kin or personal legal representative must be obtained.

The Ministerial instrument restricts who from ESTA may permit the release of call audio and similar personal information. Individuals can seek call-taking and dispatch related information that relates to them by requesting access under Section 33 of the ESTA Act.

Freedom of Information Act

The Freedom of Information Act 1982 (FOI Act) gives some limited rights of access to information that ESTA holds. Detail regarding ESTA, documents ESTA holds, and how you can access this information is contained in the Freedom of Information

Individuals should note that Section 38 of the Freedom of Information Act provides an exemption from release for information that is deemed confidential under another Act. Section 33 of the ESTA Act is a secrecy provision and ESTA views all requests for information relating to call-taking and dispatch operations as exempt. You may consider requesting information relating to you that contains call-taking or dispatch information under the ESTA Act as outlined above.

If you wish to request information held by ESTA by making application under the FOI Act please write to:

Each application must clearly identify the documents sought and be accompanied with proof of identification (e.g. a clear photocopy of driver’s licence) and a cheque or money order payable to ESTA for the $27.90 (as at 1 July 2016) FOI application fee.

How does ESTA handle complaints about privacy?

ESTA undertakes to resolve privacy complaints in a timely, fair and reasoned way.

ESTA employs conduct management policies to address any alleged privacy breaches by employees. It also maintains an Incident Management Framework to help manage any breach caused by a system, process or other failure.

Contact the Chief Privacy Officer if you would like to report a breach of privacy: